DESCRIPTION
Stored XSS in the Profile Update page via the My Name field.
VENDOR
PHP Scripts Mall Pvt. Ltd.
AFFECTED PRODUCT CODE BASE
PHP Scripts Mall Chartered Accountant : Auditor Website - 2.0.1
POC
Steps to reproduce:
Go to http://74.124.215.220/~projclient/client/auditor
1. Register an account and log in.
2. Go to My Profile and update the My Name field with the XSS payload
<--`<img/src=` onerror=alert("Pw")> --!>.
3. The XSS is executed on all pages visited.
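
The fix from the defender's side, as an added example (not the vendor's code; the product's source is not shown here). The function names and header markup are hypothetical. The example contrasts echoing the stored name unencoded, which is why the payload fires on every page, with encoding it at output time and rejecting markup characters when the profile is saved.

```php
<?php
// Added illustration, not the vendor's code. All function names are hypothetical.

// Constructed sample: the payload from step 2 as it would sit in the database.
$storedName = '<--`<img/src=` onerror=alert("Pw")> --!>';

// Unsafe pattern: the stored value is concatenated into markup unchanged,
// so any page that prints the user's name also emits the attacker's tag.
function render_header_unsafe(string $name): string
{
    return '<span class="user">Welcome, ' . $name . '</span>';
}

// HTML-context output encoding: <, >, &, " and ' become entities.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened rendering: encode at the point of output, on every page.
function render_header_safe(string $name): string
{
    return '<span class="user">Welcome, ' . h($name) . '</span>';
}

// Defence in depth at profile update: allow letters, combining marks,
// spaces, dots, apostrophes and hyphens only, 1 to 64 characters.
function validate_display_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'-]{0,63}$/u', $name) === 1;
}

echo render_header_unsafe($storedName), PHP_EOL; // raw tag reaches the browser
echo render_header_safe($storedName), PHP_EOL;   // same value, rendered as inert text
var_dump(validate_display_name($storedName));    // payload is rejected on save
var_dump(validate_display_name("Asha O'Neil"));  // ordinary name is accepted
```

Output encoding is the primary control because it also neutralises values already stored before the validation was added; the allow-list only limits what new input can be saved.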